this post was submitted on 10 Dec 2025
324 points (96.0% liked)

Technology

77090 readers
2591 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
324
Notepad++ updater installed malware (www.heise.de)
submitted 2 days ago* (last edited 2 days ago) by schizoidman@lemmy.zip to c/technology@lemmy.world
45 comments fedilink hide all child comments
 

https://archive.is/uCWNB

you are viewing a single comment's thread
view the rest of the comments
[–] techt@lemmy.world 8 points 1 day ago (1 children)

This is the explanation for why:

https://notepad-plus-plus.org/news/v883-self-signed-certificate/

[–] sem@piefed.blahaj.zone 4 points 1 day ago* (last edited 1 day ago) (1 children)

2025-07-09 **“Sometimes, when one door closes (lack of code signing) in life, another one opens (vulnerability) .”\

collapsed inline media

The sentence sumarizes well the situation in the previous version, 8.8.2.

There were - and still are - many false-positives reported in the previous version v8.8.2, by the antivirus software due to the absence of Windows code signing certificate.


1. ~~Double-click the certificate, it may tell you it’s invalid, ignore that and click: \*\*“Install Certificate..”~~\*\*~~.~~
2. ~~In the Certificate Import Wizard, select \*\*“Local Machine”~~**\~\~, then click \~\~**~~Next~~\*\*~~.~~
3. ~~If prompted by UAC (optional, depending on admin Previleges), click ~~**~~Yes~~**~~.~~
4. ~~Choose \*\*“Place all certificates in the following store”~~**\~\~, then browse and select \~\~**~~“Trusted Root Certification Authorities”~~**\~\~. Click \~\~**~~Next~~\*\*~~.~~
5. ~~On the final page of the wizard, click~~ **~~Finish~~** ~~to complete the installation.For detailed instructions, see Notepad++ User Manual.~~

We’re still trying to obtain a certificate issued by conventional Certificate Authorities, for a better user experience. But let’s be honest: it’s probably not happening. Notepad++ isn’t a business - it’s certainly not an enterprise - and apparently, that makes a popular open-source project invisible to their gatekeeping standards.

If the “gatekeepers” won’t issue a certificate under the name we deserve - so be it. At least it spares us from wasting time and energy on a frustrting process that demands we [beg for a new certificate every 3 years](https://notepad-plus-plus.org/news/v764-released/). The Notepad++ Root Certificate may not carry their approval, but it leads us to freedom.

***Edit (2025-12-03): Starting with v8.8.7, Notepad++ binaries - including the installer - are digitally signed using a legitimate certificate issued by GlobalSign. As a result, Installation of the Notepad++ root certificate is no longer required. We recommend that users who have previously installed the root certificate remove it.***
[–] sem@piefed.blahaj.zone 3 points 1 day ago (2 children)

I give up trying to fix the formatting. I had it right, but then adding the image, fucked everything up again, and now blorp crashes when I try to edit it again.

I guess this will be one of the rare cases when you do have to read the article in order to be informed instead of just the comments.

[–] Redjard@lemmy.dbzer0.com 5 points 1 day ago (2 children)

I cleaned it up. Your editor doesn't like to nest formatting apparently. Using an editor that lets you write the markdown directly is probably better, and you are probably already familiar with markdown anyway, since it's used all over the place.

2025-07-09 “Sometimes, when one door closes (lack of code signing) in life, another one opens (vulnerability).”

collapsed inline media

The sentence sumarizes well the situation in the previous version, 8.8.2.

There were - and still are - many false-positives reported in the previous version v8.8.2, by the antivirus software due to the absence of Windows code signing certificate. ~~How to install the root certificate:~~

  1. ~~Double-click the certificate, it may tell you it’s invalid, ignore that and click: “Install Certificate..”.~~
  2. ~~In the Certificate Import Wizard, select “Local Machine”, then click Next.~~
  3. ~~If prompted by UAC (optional, depending on admin Previleges), click Yes.~~
  4. ~~Choose “Place all certificates in the following store”, then browse and select “Trusted Root Certification Authorities”. Click Next.~~
  5. ~~On the final page of the wizard, click~~ ~~Finish~~ ~~to complete the installation.For detailed instructions, see Notepad++ User Manual.~~

We’re still trying to obtain a certificate issued by conventional Certificate Authorities, for a better user experience. But let’s be honest: it’s probably not happening. Notepad++ isn’t a business - it’s certainly not an enterprise - and apparently, that makes a popular open-source project invisible to their gatekeeping standards.

If the “gatekeepers” won’t issue a certificate under the name we deserve - so be it. At least it spares us from wasting time and energy on a frustrting process that demands we beg for a new certificate every 3 years. The Notepad++ Root Certificate may not carry their approval, but it leads us to freedom.

Edit (2025-12-03): Starting with v8.8.7, Notepad++ binaries - including the installer - are digitally signed using a legitimate certificate issued by GlobalSign. As a result, Installation of the Notepad++ root certificate is no longer required. We recommend that users who have previously installed the root certificate remove it.

[–] moseschrute@lemmy.world 1 points 1 day ago* (last edited 1 day ago)

Blorp lets you edit markdown directly. Theres an icon button to switch to the raw markdown editor (look for the M⬇️ icon). I assume you’re not using Blorp, but for anyone else reading this.

[–] sem@piefed.blahaj.zone 1 points 1 day ago

Thank you kind stranger

[–] moseschrute@lemmy.world 1 points 1 day ago (1 children)

Blorp dev here. I would love to fix this bug. If there’s any chance you could type out instructions to recreate the crash, I’ll get this fixed ASAP.

[–] sem@piefed.blahaj.zone 2 points 1 day ago (1 children)

Thanks! Here's how you can try to replicate it:

  1. Be on Android, with IronFox as the browser
  2. Reply to this comment: https://piefed.blahaj.zone/post/453110#comment_2488545
  3. Go to this website https://notepad-plus-plus.org/news/v883-self-signed-certificate/
  4. Select the text starting with 2025-07-09 and ending with We recommend that users who have previously installed the root certificate remove it.
  5. Switch back to Blorp, and start your comment with a > Blorp automatically converted this into a quote block. Everything is good so far
  6. Paste the formatted text from the webpage. Notice that there are some problems converting the formatted text into markdown: strikethroughs are inconsistent, codeblocks are present when none exist in the copied text, etc.,
  7. Switch to editing markdown mode in the bottom right corner
  8. Clean up the formatting -- remove the code blocks, clean up the strikethroughs so they match the website
  9. Save the image from the notepad++ website
  10. Switch back to visual mode
  11. Place the cursor where the image should go, put in a few line breaks (should still be within the nested quote)
  12. Upload the image
  13. Blorp becomes unresponsive
  14. Closing and reopening the app gets it responsive again, but it goes unresponsive any time you edit that comment.

Let me know if this helps of if you have any advice for how to make bug reports!

[–] moseschrute@lemmy.world 1 points 21 hours ago* (last edited 21 hours ago)

Idk if you have professional experience writing tickets, but this is very well written. Most people just write “the screen is blank” lol. It will take me a little time to dig into this, but that you for the instructions!